Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user

Aruba Networks ClearPass is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the Insight module. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to forge requests. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.